We recently discovered that the SecureDrop Application and Monitor servers have swapfiles enabled on production instances. This is not intended behavior, and was identified during the expansion of our automated testing efforts. We intended to disable swap during installation, and discovered that this setting was not persisting across reboots. Since the machines are configured to reboot nightly, to aid in clearing memory, the method currently used is ineffective.
The defense-in-depth approach of SecureDrop is designed to protect against most forms of forensic analysis, in the event that a server is seized or compromised. Since running instances may have written sensitive information to disk in the past, we will release an update that scrubs all data on the swap partition prior to disabling it permanently.
We intend to publish packages for v0.3.12 to the apt.freedom.press repository on Monday, March 20, 2017. All currently running SecureDrop instances will automatically receive the update within 24 hours of release. We will announce the final release upon publishing the updated packages.